Disasters, new hardware, new software: to the phish scammer, it’s all potential bait for reeling in victims.
[Update: second screenshot was removed temporarily to remove the URL, and is now replaced with a cropped version.]
There are things almost as certain as death and taxes: crime is one of them. And there are certain events that always seem to trigger certain kinds of cybercrime. One is disaster, natural or man-made. So my colleague Urban Schrott has called attention to the likelihood of scams piggybacking the serious impact of ‘Superstorm’ Sandy on the East Coast of the US, and the FTC has some good advice on spotting charity scams. And this type of scam has been addressed in the Threatblog quite a lot before, so I won’t belabour the point about Sandy-related 419s, phishing attacks, Blackhat SEO, and even out-and-out hoaxes with no apparent cash motive. This graphic, featured in Urban’s blog, is actually a doctored still from the disaster movie The Day After Tomorrow, and the Huffington Post noted last week that the number of sites registered with names potentially associated with the hurricane had already reached 1,100.
Secure as Windows 8 seems to be – though it’s clear that the search for ways in which to compromise it has been underway since long before its public release, and there are already reports of exploits – it has already been used extensively for social engineering attacks of various kinds. Trend Micro has sounded the alarm on fake anti-virus passing itself off as a Win8-specific security program, and both Trend and Sophos have flagged email messages offering a ‘free upgrade’ to Windows 8.
But here’s a slightly different angle of attack. Vicki, who quite often comments on our blogs, told me today that “…a friend of mine recently received a call from a female who sounded foreign … who claimed Microsoft was having them call everyone about a nasty virus all people with Windows 7 were experiencing…”
As it happens, I’ve heard about (and received) calls rather like that before. We’ve already mentioned here that support scammers from India used a spike in detections of Quervar/Dorifel in the Netherlands to offer ‘help’ to people in that region with disinfection, and I’ve received calls here in the UK from scammers who claimed that they could help me with a virus that was epidemic in this region, though they were unable to tell me which virus.
Can we expect scam calls like the one Vicki’s friend received, offering help with a Windows 8 virus or perhaps with other Windows 8 problems? I don’t know, but it’s certainly far from impossible. As more people get to hear about the older forms of the scam, the scammers are likely to seek new variations, and it’s a short step from 7 to 8…
David Harley CITP FBCS CISSP
ESET Senior Research Fellow